Tavis Ormandy of the Google Security Team discovered several heap andstack buffer overflows and other flaws in libTIFF. The affected partsinclude the TIFFFetchShortPair(), TIFFScanLineSize() andEstimateStripByteCounts() functions, and the PixarLog and NeXT RLEdecoders.

Impact======

A remote attacker could entice a user to open a specially crafted TIFFfile, resulting in the possible execution of arbitrary code.

This GLSA and any updates to it are available for viewing atthe Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200608-07.xml

Concerns?=========

Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttp://bugs.gentoo.org.